Fixes #382: Bookmarklet can not retrieve title when there is a quotation mark in it

bookmarklet fields weren't correctly escaped
author: ArthurHoaro <arthur@hoa.ro> 2015-11-22 15:47:41 +0100
committer: ArthurHoaro <arthur@hoa.ro> 2015-11-22 15:47:41 +0100
commit: 739dc2434424cf8d420dda648efcb9ad690bdc6e (patch)
tree: 4e2d48f5636c9bd7ecd01f7a23f94f001ae66315 /index.php
parent: a5dd1772bd17090e502eb8d117cf4efeed524b1e (diff)
download: Shaarli-739dc2434424cf8d420dda648efcb9ad690bdc6e.tar.gz
Shaarli-739dc2434424cf8d420dda648efcb9ad690bdc6e.tar.zst
Shaarli-739dc2434424cf8d420dda648efcb9ad690bdc6e.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/index.php b/index.php
index 872acf09..8f0bd4b9 100644
--- a/index.php
+++ b/index.php
@@ -1611,11 +1611,11 @@ function renderPage()
            $link_is_new = true;
            $linkdate = strval(date('Ymd_His'));
            // Get title if it was provided in URL (by the bookmarklet).
-            $title = (empty($_GET['title']) ? '' : $_GET['title'] );
+            $title = empty($_GET['title']) ? '' : escape($_GET['title']);
            // Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
-            $description = (empty($_GET['description']) ? '' : $_GET['description']);
+            $description = empty($_GET['description']) ? '' : escape($_GET['description']);
-            $tags = (empty($_GET['tags']) ? '' : $_GET['tags'] );
+            $tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
-            $private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0);
+            $private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
            // If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
            if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
                // Short timeout to keep the application responsive
author	ArthurHoaro <arthur@hoa.ro>	2015-11-22 15:47:41 +0100
committer	ArthurHoaro <arthur@hoa.ro>	2015-11-22 15:47:41 +0100
commit	739dc2434424cf8d420dda648efcb9ad690bdc6e (patch)
tree	4e2d48f5636c9bd7ecd01f7a23f94f001ae66315 /index.php
parent	a5dd1772bd17090e502eb8d117cf4efeed524b1e (diff)
download	Shaarli-739dc2434424cf8d420dda648efcb9ad690bdc6e.tar.gz Shaarli-739dc2434424cf8d420dda648efcb9ad690bdc6e.tar.zst Shaarli-739dc2434424cf8d420dda648efcb9ad690bdc6e.zip

diff --git a/index.php b/index.php index 872acf09..8f0bd4b9 100644 --- a/index.php +++ b/index.php
@@ -1611,11 +1611,11 @@ function renderPage()
1611	$link_is_new = true;	1611	$link_is_new = true;
1612	$linkdate = strval(date('Ymd_His'));	1612	$linkdate = strval(date('Ymd_His'));
1613	// Get title if it was provided in URL (by the bookmarklet).	1613	// Get title if it was provided in URL (by the bookmarklet).
1614	$title = (empty($_GET['title']) ? '' : $_GET['title'] );	1614	$title = empty($_GET['title']) ? '' : escape($_GET['title']);
1615	// Get description if it was provided in URL (by the bookmarklet). [Bronco added that]	1615	// Get description if it was provided in URL (by the bookmarklet). [Bronco added that]
1616	$description = (empty($_GET['description']) ? '' : $_GET['description']);	1616	$description = empty($_GET['description']) ? '' : escape($_GET['description']);
1617	$tags = (empty($_GET['tags']) ? '' : $_GET['tags'] );	1617	$tags = empty($_GET['tags']) ? '' : escape($_GET['tags']);
1618	$private = (!empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0);	1618	$private = !empty($_GET['private']) && $_GET['private'] === "1" ? 1 : 0;
1619	// If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)	1619	// If this is an HTTP(S) link, we try go get the page to extract the title (otherwise we will to straight to the edit form.)
1620	if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {	1620	if (empty($title) && strpos(get_url_scheme($url), 'http') !== false) {
1621	// Short timeout to keep the application responsive	1621	// Short timeout to keep the application responsive